Ransomware has evolved from its humble beginnings of encrypting most files on a single system and asking for a relatively small payout in a cryptocurrency to more sophisticated practices such as data exfiltration, attacks on databases, lateral spread across systems, and credential grinding. Recently, ransomware may look like it is losing the competition against cryptojacking, because cryptojacking offers a better payout proposition. Don’t be fooled: ransomware has not entirely disappeared, and it will continue to exist thanks to the weak implementations of IoT devices.
Ransomware has evolved unobtrusively since it exploded in popularity a few years ago. It strikes a balance between profitability and the victim’s aversion to paying: if the ransom is too high, the victim will avoid paying it and find another way to “survive” the cyber attack. This is why the hacker or hackers behind it will always look for the “sweet spot” at which the ransomed company feels the price is reasonable for retrieving its data.
Paying the ransom is typically not recommended, although victims often choose to pay because it is the fastest, most efficient way to regain control of hijacked data. Unfortunately, it is also risky: if you pay the ransom, there is no guarantee that you will get your data back or that the data was not exported elsewhere. If a company has data that it is unable to restore, then it makes sense to entertain negotiation with a ransomware attacker. By default, however, it is better not to negotiate, as there is no guarantee that the attackers won’t remain on your company network. Also, by paying a ransom, you put yourself at risk of future attacks. If a hacker is successful the first time, they will try again.
Companies can significantly reduce their risk by hardening their cybersecurity. This is a list of all the cybersecurity essentials that need to be covered:
• Learn how the most common successful attacks are carried out.
• Have an acceptable use policy.
• Enforce a rigorous password policy.
• Blacklist known bad domains within DNS and known bad IP addresses.
• Block content based on executable type and file suffix. Scan all embedded URLs, sandbox all attachments and enforce non-mail-based file transfers.
• Minimize the number of users with administrative privileges.
• Keep everything up to date, and apply updates promptly.
• Ensure all cybersecurity infrastructure is updated and running correctly.
• Back up all critical systems.
• Log system accesses, and regularly review and look for anomalies.
• Implement a continuous monitoring methodology.
• Train and educate staff to help with proactive detection of malicious content and perform monthly phishing testing.
In the end, the tragedy of ransomware is that many companies will fail to act until after an infection. In the meantime, the threat from this pernicious class of malware is mounting. There’s such an evolution in ransomware that we can’t see it ever going away.
Ransomware attacks are a reality for all major companies and individual users, and unfortunately, this kind of cyber attack will keep coming. However, there are steps companies can take to protect and secure themselves, which include adopting a top cybersecurity solution like an antivirus, implementing robust procedures for patching software and technologies against security vulnerabilities, and hiring a specialized cybersecurity firm to run extra tests, such as penetration tests and ethical hacking tests, on their network. Maintaining a routine like this closes potential holes in company infrastructure.
Ransomware spreads like wildfire and is the most time-critical of cyber threats. The ability to detect the precursor behaviors of ransomware is the only way to get ahead of the attack. Unfortunately, that’s almost impossible to do if you are unprotected. To be safe and secure against ransomware like this, please install an antivirus for Windows or an antivirus for Mac, depending on which OS your device runs.